QR-code phishing is no longer a niche attack. Microsoft says QR phishing attacks jumped from 7.6 million in January to 18.7 million in March 2026 — a 146% increase in just three months. In this episode of Cybersecurity Today, David Shipley explains why QR-based attacks are bypassing traditional corporate defences and why security teams need to rethink phishing awareness immediately.
We also cover a critical new Apache HTTP Server vulnerability with both denial-of-service and potential remote code execution impacts, a sustained DDoS and extortion campaign targeting Ubuntu developer Canonical, and a remarkable case in Taiwan where a university student allegedly used software-defined radio gear to trigger emergency braking on four high-speed trains.
Finally, CISA’s new “CI Fortify” guidance urges critical infrastructure operators to prepare for scenarios where they may need to disconnect from the internet and continue operating manually during a geopolitical cyber crisis.
Cybersecurity Today would like to thank Material Security for supporting this podcast. Material security provides. faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365. Contact them at material[dot]security
Stories include:
• Microsoft reports QR phishing attacks surged 146% in Q1 2026
• Apache HTTP Server CVE-2026-23918 urgent patch warning
• Ubuntu developer Canonical hit by ongoing DDoS and extortion campaign
• Taiwanese student allegedly halts high-speed trains with fake emergency radio signal
• CISA tells critical infrastructure operators to prepare for isolation and manual operations
Chapters:
00:00 Intro
01:02 QR phishing explodes in Q1 2026
06:15 Critical Apache HTTP Server flaw patched
09:15 Ubuntu maintainer Canonical hit by extortion DDoS attack
14:25 Taiwanese student wirelessly halts high-speed trains
20:32 CISA warns critical infrastructure to prepare for isolation
26:10 Closing thoughts
Read the original article: